DevOps | SonarQube Integration With Jenkins | SonarQube Scanner For Jenkins | Thetips4you

Captions
Hello friends, welcome back to my channel. In my previous videos we have seen how to create a SonarQube instance in Docker, and we can make use of SonarQube for code quality, detecting bugs, static code analysis and vulnerability management. So in this tutorial we are going to make use of the SonarQube running on Docker to integrate with Jenkins. We will go through the step-by-step procedure for integrating SonarQube with Jenkins and will see the output of the scans in SonarQube. So by the end of this tutorial we'll be able to have a good understanding of how you can make the SonarQube scans review your code, identify your bugs, vulnerabilities, etc. So let's get started. If you haven't subscribed to my channel, kindly subscribe, like the video, share and comment.

To start, we have to have a machine where we can create Docker containers. I already have a CentOS machine running Docker, so I'm going to run the command to create the SonarQube container. To know about these commands I would recommend you check my previous tutorial on how to create a SonarQube Docker container. In that I have explained all the details of how to create a Docker container. We can access SonarQube on the host's IP and port 9000, which we exposed in the Docker container. Let's wait, SonarQube is starting. Okay, so we are on the login page, where we can click on login, and the default username is admin and the password is admin. Cool. So just check my previous tutorial so you'll know all the steps we mean by the docker run command for SonarQube.

Again, I'm going to run another command to create a Jenkins instance in Docker. Here also I'm just running the command which I have explained in one of my tutorials for Jenkins, so again I would request you to check the tutorial on running Jenkins on Docker. We are going to access Jenkins on the host's IP and port 8000. Okay, and in Jenkins I have mapped the volume /var/jenkins, so you can go to that folder and the secrets folder, and you'll have a file called initialAdminPassword. You have to read that file to log in to the Jenkins instance. I'm just going quickly through these stages because I'm not going to take much time on setting it all up for SonarQube and Jenkins, which you can go through via the link in my video description, which will give you complete information.

So click on install plugins and we will get started with the Jenkins setup, and we'll also need to set up the initial admin user account and password in the next screen. Fast-forward the installation; it may easily take some time. So let's create the username and password. I'm going to create an admin user and the password for that; you can give an email address. Okay, just click on save and finish. So our Jenkins instance is ready.

We can see we are on the Jenkins homepage and we also have the SonarQube instance running. So let's create a new project under SonarQube, and I'm naming it sonarqube, the project key, because we have to use that for integration. We can give any name, so I'm just using sonarqube. Okay, so we have the project already in SonarQube. Now let's go to Jenkins again and create the job. I'm giving the name as sonarqube again in Jenkins. It may be confusing to have sonarqube here and there, but you can give any name.

Let's go to the build section of the job, and under the build, if you see, we don't see any option to integrate with SonarQube. Why? Because we don't have the plugin for SonarQube installed. So go to Manage Jenkins, Manage Plugins, go to the Available section and search for SonarQube. When you search for SonarQube you can see SonarQube Scanner, so select that and click on Install without restart. Okay, let's wait for the installation to be completed. Okay, we're almost done. Yeah, so the installation is completed.

Now if you go back to the job and go to configure, let's go to the build section again, and you can see Execute SonarQube Scanner. So you have a few options, Execute SonarQube Scanner, but if you select that we cannot do anything, because we need to configure SonarQube Scanner under the global tools configuration. So again we have to go to Manage Jenkins and Global Tool Configuration. Let's click on that, and if you scroll down you have an option for SonarQube Scanner. We are not using the SonarQube for MSBuild. Here you have to give the name; just give any name which you want to give and select Install automatically. I'm going to use the version as the latest version, and save it.

Now we have to go to Configure System, which is also under Manage Jenkins. In Configure System, if you scroll down, you will again have one more setting, for SonarQube servers. Here we have to enable the environment variables, and we also have to give a name for the SonarQube instance, and I'm going to give the server on which SonarQube is running. We can copy the link from there and paste it here, so it will be the IP address and the port 9000. We're not going to use any authentication. Just click on save. Okay, great. So now if you go back to configure the job and go to the build section, you can see that all the error messages are gone, so now we can make use of that SonarQube instance.

Before we do that, let's integrate one of our Git servers. I'm going to use two projects here this time: one for C#, which I use for MSBuild, which is a very simple hello world project, and I will also use one of the test Java projects. So we'll see how SonarQube responds to both those scans.

Okay, so the main property which we have to set for SonarQube to work is sonar.projectKey. I'm going to add all these configuration settings so that when we run the job it will update the scan result into the SonarQube instance. Give the SonarQube project key as your project name or project key which we created in the SonarQube instance, and the login is admin, admin, and the source of the scanning files. Because we are going to use Jenkins and we are going to download the Git repository to the Jenkins workspace, I'm going to go to /var/jenkins_home. /var/jenkins_home is the place where all your Jenkins data will be stored, and workspace is the place where the Git files will be downloaded. Since the project name is sonarqube, I am going to give that as the file. And the sonar host, again the IP address; I'm getting the IP address. So this is the simple configuration.

Now let's click on Build Now. Okay, let's check the console output. You'll be able to see the Git repository is getting downloaded, and you can see the build logs. So let's wait to see whether we are able to get a successful job or not. It may take some time depending upon the project size and how much it has to scan, but this is a small project so it will be completed much quicker. You can see it's trying to go to the project configurations, quality profiles, all those activities. Great, so we got success for the project job. Let's go back to SonarQube, and if you refresh you can see there is a green Passed, and if you go inside the project you can see now there is some data. But I know this project is very small, so there are no bugs; you don't see any bugs, you don't see any vulnerabilities, so everything is green. Okay, so that's a very small project.

So now let's do another project. We'll create a new project now, so we are going to create a new job. I'll call it sonarqube demo. Again I'm going to select freestyle project, and I will create a new project in SonarQube for this integration. I'm going to call it sonarqube demo here as well. Okay, so we can see the project in SonarQube, so we'll use that to integrate. Before that, let's go get the GitHub link. I have given all these links, the instructions, everything in my video description, so you don't have to worry; you can just copy the links and put the instructions into your Jenkins instance. Okay, so we have integrated Git now.

So let's write the properties. Here again the sonar.projectKey is one of the key things which we are going to give, as sonarqube demo, and the sonar login is admin and the password is admin. I'm going to give some exclusions here, because since I'm using a Java project it may throw some errors if you don't give this exclusion, so I'm excluding some of the Java files and some things. And the sonar source, again, is the location where the files will be, so it will be under workspace in Jenkins, so I'm going to give that workspace location for sonarqube demo. And the host URL, I'm going to give the host URL as well. So you can see the whole commands or properties which I'm going to give in the SonarQube scanner. Okay, so let's save it and run the build again.

Let's wait for the build to be completed. Again, we have to see what all processes it's running. This time we will see whether we are going to see some bugs or whatever is detected. Okay, good, so again we got a successful execution. Let's go back to SonarQube and refresh. This time, if you see the sonarqube demo project, there are four bugs, one vulnerability, and you have thirty-three code smells, and the coverage is zero and the duplication is 16.3%, right?

If you go to the bugs, it will tell you what bugs have been detected. This will be very useful when you are doing development projects, where code review is one of the critical activities. So you see 'password' detected in this expression, so this is a potentially hard-coded credential. This will tell you what has to be fixed. So this is a very helpful tool, and you can make use of it for your development project, and we can go through all these critical vulnerabilities and the bugs and how the code is written. Okay, so you can see duplications; it gives you complete information, so I don't have to explain much about each thing. You just go through them one by one and you'll be able to understand it. The overview page itself will have all these pictures. See, it even tells you what the risk is and how you can fix it. So it's a very interesting tutorial, and to go through all these things you...

So this will be the second tutorial on SonarQube; we have seen how to set up SonarQube in Docker, and now we are integrating with Jenkins. In a future tutorial we'll also see how we can integrate SonarQube in Jenkins pipeline jobs. To summarize, we have seen how to run SonarQube as a Docker container and integrate with Jenkins. We have installed the SonarQube Scanner plugin and configured the same to start the build, and we have also used a C# project and also a Java project to see what bugs and vulnerabilities are identified. So I hope this tutorial is informative for you. Thank you for watching. Kindly subscribe to my channel, like the video, share and comment.
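Added example, not from the video or the SonarQube project: a small Python check over the analysis properties the walkthrough types into the Jenkins job, flagging the default admin/admin login, credentials stored as literals in the job configuration, and a plain-HTTP server URL. The project key, paths, host names and the hardened variant are constructed for illustration; treating a value that starts with `$` as an injected variable is an assumption of this sketch.

```python
# Constructed sample: properties in the style the video describes
# (admin/admin login, Jenkins workspace path, HTTP on port 9000).
# 192.0.2.10 is a documentation address, not a value from the video.
VIDEO_STYLE = """\
sonar.projectKey=sonarqube-demo
sonar.login=admin
sonar.password=admin
sonar.sources=/var/jenkins_home/workspace/sonarqube-demo
sonar.host.url=http://192.0.2.10:9000
"""

# Constructed hardened variant: no credentials in the job at all; a scoped
# analysis token is expected to come from the CI credential store instead.
HARDENED = """\
sonar.projectKey=sonarqube-demo
sonar.sources=.
sonar.host.url=https://sonar.example.internal
"""

CREDENTIAL_KEYS = ("sonar.login", "sonar.password", "sonar.token")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a list of findings for one block of analysis properties."""
    props = parse_properties(text)
    findings = []
    if props.get("sonar.login") == "admin" and props.get("sonar.password") == "admin":
        findings.append("default admin/admin account in use")
    for key in CREDENTIAL_KEYS:
        value = props.get(key)
        # Assumption: a value such as $SONAR_TOKEN is an injected variable.
        if value and not value.startswith("$"):
            findings.append(f"literal value for {key} stored in job configuration")
    if props.get("sonar.host.url", "").startswith("http://"):
        findings.append("sonar.host.url uses plain HTTP")
    return findings


if __name__ == "__main__":
    for finding in audit(VIDEO_STYLE):
        print("FINDING:", finding)
```

Anything typed into the job's properties field is readable by everyone who can view the job configuration, which is why the check treats a literal token the same way as a literal password.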
Info
Channel: Thetips4you
Views: 30,403
Keywords: sonarqube integration with jenkins, sonarqube integration with jenkins pipeline, sonarqube jenkins configuration, sonarqube integration with jenkins windows, sonarqube jenkins integration, sonarqube jenkins plugin, sonarqube jenkins pipeline, jenkins sonarqube docker, sonarqube con jenkins, jenkins pipeline for sonarqube, sonarqube scanner for jenkins, devops jenkins sonarqube, sonarqube on jenkins, jenkins sonarqube scanner, sonarqube token jenkins, jenkins, sonarqube, thetips4you
Id: tbr_PeAGdfo
Length: 16min 19sec (979 seconds)
Published: Fri Jul 03 2020